March 25, 2014

Basecamp Hit With DDoS Attack, Extortion

Online project management company Basecamp suffered a distributed denial-of-service (DDoS) attack Monday morning that temporarily shut down its services, the company said.

The “criminals” behind the incident also tried to extort money in exchange for ending their attack – a demand Basecamp refused, choosing instead to work with their network providers to resolve the situation.

Then suddenly, about two hours after the attack began, it abruptly stopped.

Basecamp said it is collaborating with the other victims of the same group, and with law enforcement.

“We’ve been in contact with multiple other victims of the same group, and unfortunately the pattern in those cases were one of on/off attacks,” Basecamp wrote in a blog post, adding that the criminals behind the attack were “sophisticated and well-armed.”

“While things are currently back to normal for almost everyone (a few lingering network quarantine issues remain, but should be cleared up shortly), there’s no guarantee that the attack will not resume. So for the time being we remain on high alert.”

The company said it was able to keep all its customers up to date using a combination of status.basecamp.com, Twitter and an off-site Gist – tools it will use in the future if they are attacked again.

Basecamp reassured users that their data is safe, noting that the attackers only wanted to blackmail the company into paying to avoid future attacks.

A technical post mortem of the incident will be provided on Wednesday if the attack does not resume.